================
@@ -497,6 +497,27 @@ void FactsGenerator::handlePointerArithmetic(const
BinaryOperator *BO) {
}
void FactsGenerator::VisitBinaryOperator(const BinaryOperator *BO) {
+ if (BO->getOpcode() == BO_PtrMemD || BO->getOpcode() == BO_PtrMemI) {
+ // `obj.*pm` / `objptr->*pm` names a member of the object, so a borrow of
it
+ // borrows the object; flow the object's origin into the result. For `.*`
+ // the object is the LHS; for `->*` it is the LHS pointer's pointee.
+ //
+ // Only the result's outer (storage) origin relates to the object:
borrowing
+ // the member borrows the object's storage. Deeper levels of the result (a
+ // pointer/view member's own pointee) are the member's value, with no
+ // counterpart in the object's origin -- so the lists may differ in length
+ // and we flow just the top level, leaving the member's value untouched.
+ OriginList *Dst = getOriginsList(*BO);
+ OriginList *ObjSrc =
+ BO->getOpcode() == BO_PtrMemD
+ ? getOriginsList(*BO->getLHS())
+ : getRValueOrigins(BO->getLHS(), getOriginsList(*BO->getLHS()));
+ if (Dst && ObjSrc)
+ CurrentBlockFacts.push_back(FactMgr.createFact<OriginFlowFact>(
+ Dst->getOuterOriginID(), ObjSrc->getOuterOriginID(), /*Kill=*/true));
+ handleUse(BO->getLHS());
----------------
Xazax-hun wrote:
No, I think this is legitimate and is analogous to the
`handleUse(BO->getRHS());` below. This means that if the LHS of the operator
dangles we do want to warn (this is a legitimate dereference operation).
That being said I think the whole model will be simplified when we switch to
consider the `LValueToRValue` conversions as uses (in addition to passing
lvalues to functions, or escaping them).
https://github.com/llvm/llvm-project/pull/204612
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
